1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: Apple PICT file PnSize CVE-2011-0257

Attack: Apple PICT file PnSize CVE-2011-0257

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This Signature detects buffer-overflow exploitation in Apple QuickTime.

Additional Information

Apple QuickTime is a media player that supports multiple file formats.

Apple QuickTime is prone to a stack-based buffer-overflow vulnerability because of a failure to properly bounds-check user-supplied data. The problem occurs because of a signedness error when handling the PICT files.

Successful exploits will allow attackers to execute arbitrary code in the context of the currently logged-in user; failed exploit attempts may cause denial-of-service conditions.

Versions prior to QuickTime 7.7 are vulnerable.

Affected

  • Versions prior to QuickTime 7.7 are vulnerable.

Response

Vendor updates are available. Please see the references for more information.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube